(1) Field of the Invention
The present invention relates to a secret data management apparatus and method which controls secret data, such as a secret key which a certificate authority issues for a user. Further, the present invention relates to a computer readable medium storing program code instructions which cause a processor to execute a secret data management processing in a secret data management apparatus.
(2) Description of the Related Art
Generally, in a conventional secret data management system, an electronically stored secret key is controlled by using a password including a number of alphanumeric characters in order to avoid discovery by a hacker. It is desired for a user to make use of several different passwords when gaining access to various electronic communication services. However, it is practically difficult for the user to memorize the respective passwords for obtaining such services. In many cases, the user makes use of a single password when obtaining the services.
In a conventional system, a password based on personal information, such as a birth date or a phone number, is often input by the user. The possibility that a serious hacker discovers the password based on personal data is higher than a mathematically estimated possibility of the discovery of the password.
Further, when the user of the conventional secret data management system makes an electronic communication through the Internet, the user often inputs a password including alphanumeric characters. The user runs the risk of leakage of the password to hackers in such a case.
As described above, when a password including alphanumeric characters is used for controlling the secret key, the possibility of the discovery of the password is increased according to the manner in which the user makes use of the password.
The secret key controlled by the use of the password generally indicates a numerical value of several hundred digits. It is practically impossible for the user to memorize the numerical value of the secret key. In many cases, a storage medium, such as an IC card, in which the secret data is stored is used. When the secret key from the IC card is controlled by using the password as in the above conventional system, the possibility of the discovery of the password is increased according to the manner in which the user makes use of the password. If the IC card is stolen by a hacker, the hacker will easily discover the password to gain access to the secret data.
When the secret key is controlled by using the alphanumeric password in the conventional secret data management system, the conventional system fails to provide adequate security for the secret information in the conventional system.
A conceivable method to increase security for the secret information in the conventional system is to use an alphanumeric password including a large number of digits which is hard to discover. However, it is difficult for the user to memorize such a password, and the use of such a password is inconvenient for the user. The above-mentioned method also fails to provide adequate security for the secret information.
As described above, the user often inputs a password based on personal data pertaining to the user when gaining access to the secret information. The possibility that a serious hacker discovers the password based on the personal data is higher than the mathematically estimated possibility of the discovery of the password. The conventional secret data management system fails to provide adequate security for the secret information.
Further, when the user of the conventional secret data management system makes an electronic communication through the Internet, the user has to input a password including alphanumeric characters by operating a keyboard of a personal computer instead of a mouse. Generally, when obtaining electronic communication services, the user frequently operates the mouse. The user must operate the keyboard only when inputting the password, and therefore, the use of the alphanumeric password is considerably inconvenient for the user.